diff --git a/java/ql/src/Security/CWE/CWE-297/UnsafeHostnameVerification.qhelp b/java/ql/src/Security/CWE/CWE-297/UnsafeHostnameVerification.qhelp
index f8bfc87a9c3..cca6b6e4a5b 100644
--- a/java/ql/src/Security/CWE/CWE-297/UnsafeHostnameVerification.qhelp
+++ b/java/ql/src/Security/CWE/CWE-297/UnsafeHostnameVerification.qhelp
@@ -22,9 +22,9 @@ An attack would look like this:
 <recommendation>
 <p>
 Do not use an open <code>HostnameVerifier</code>.
+</p>
 <li>If you use an open verifier to solve a configuration problem with TLS/HTTPS you should solve the configuration problem instead.
 </li>
-</p>
 
 </recommendation>